3 matches found
CVE-2024-45758
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
PT-2025-18919 · H2O.Ai · H2O-3
Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 affected versions not specified Description: A vulnerability in the S3 bucket configuration allows public write access to the 'h2o-release' bucket. This could enable an attacker to overwrite any file in the bucket, potentially...
PT-2025-12046
Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 versions 3.46.0.4 through 3.46.0.5 Description A vulnerability in the h2oai/h2o-3 REST API allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The issue exists in the endpoints...